Pixel is being updated — beating Samsung Galaxy phones
Here we go again. Google’s Android security update for March warns that more vulnerabilities are under attack. As ever there’s little information, but that shouldn’t matter — what does is that you update your phone as soon as you can. This is the second month running we have seen attacks confirmed on Android phones.
The two exploited vulnerabilities are CVE-2024-43093 and CVE-2024-50302. The first affects Android’s underlying framework and the second Android’s kernel. Google warns both “could lead to local escalation of privilege with User execution privileges needed.”
What’s interesting is that while both fixes will be available for Pixels within the coming days, only the first — CVE-2024-43093 — has made its way into Samsung’s own security release for March. We have seen this fix before in November, and it’s unclear why it has made its way into releases again this month. As for the new CVE-2024-50302, given the nature of the USB forensic attack risk it’s likely to apply to Galaxy phones as much as Pixels, but we often see Galaxy updates lag a month behind.
It’s almost certain the U.S. cyber defense agency will now mandate all federal employees to update or stop using their Android phones given these attacks. The newer exploit has likely been used in recently reported attacks in Europe. Pixels will have no problem complying, and it’s critical that Samsungs can do the same.
March security warning
This is a bumper security update, with a raft of critical system fixes, many of which only apply to Android 15. That will affect most Pixels after their upgrade, although on Samsung’s side only the new Galaxy S25 and some brand new A Series phones are running Android 15. That said, the Galaxy-maker does include 11 critical fixes within its update.
Such is the length of the delay to Samsung’s Android 15 / One UI 7 update that SamMobile suggests it “has forced Samsung to do something unexpected. It could skip One UI 7.1 and One UI 7.1.1 to directly release One UI 8.0 after One UI 7.0.” That will be because Android 16 — which will drive One UI 8 — is already in beta, but only on Pixels.
The Android 15 upgrade, the Android 16 beta, and this latest critical security update with a delay on Samsung’s side all suggest there needs to be an Android rethink. It doesn’t seem sustainable for Pixel to keep surging ahead while Samsung — Android’s leading OEM — trails behind. All phones need these fixes right away. Once in the public domain, the threat level increases. Delays are dangerous.
On the security front, Android should be pushing for the same everyone, everywhere approach that locks down iPhones when Apple issues its updates. Pixel is close to achieving this now; Samsung should do the same. Meanwhile, while information on the latest attacks remains limited, ensure you install the update as soon as it is available.